Package: libksba / 1.5.0-3+deb11u2
Metadata
Package | Version | Patches format |
---|---|---|
libksba | 1.5.0-3+deb11u2 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
0001 fix win32 linker.patch | src/libksba.def: 2 1 + 1 - 0 ! | fix mingw32 linker error. Without this patch, we get a problem cross-building for mingw32, where the linker script is not recognized. This is a similar issue to the one the libgpg-error had in https://lists.gnupg.org/pipermail/gnupg-devel/2016-February/030798.html |
10_Fix a possible segv in case of an unknown CMS object.patch | src/cms.c: 2 1 + 1 - 0 ! | [patch] fix a possible segv in case of an unknown cms object. * src/cms.c (ksba_cms_get_enc_val): Fix strcmp. -- Fixes-commit: 401dc58d3d55ed58a0ac4e1f286a7e19ed9e956c |
20_Detect a possible overflow directly in the TLV parse.patch | src/ber-help.c: 6 6 + 0 - 0 ! | [patch] detect a possible overflow directly in the tlv parser. * src/ber-help.c (_ksba_ber_read_tl): Check for overflow of a commonly used sum. -- It is quite common to have checks like `if (ti.nhdr + ti.length >= DIM(tmpbuf)) return gpg_error (GPG_ERR_TOO_LARGE);` This patch detects possible integer overflows immediately when creating the TI object. Reported-by: ZDI-CAN-18927, ZDI-CAN-18928, ZDI-CAN-18929 |
25 Fix an integer overflow in the CRL signature parser.patch | src/crl.c: 2 1 + 1 - 0 ! | [patch] fix an integer overflow in the crl signature parser. * src/crl.c (parse_signature): N+N2 now checked for overflow. * src/ocsp.c (parse_response_extensions): Do not accept too large values. (parse_single_extensions): Ditto. -- The second patch is an extra safeguard not related to the reported bug. GnuPG-bug-id: 6284 Reported-by: Joseph Surin, elttam |